Privacy Policy

Effective Date: 24-04-25

Privacy Policy. Effective as of February 5, 2025

PREAMBLE

This privacy policy takes into account Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Italian Privacy Code (Legislative Decree 30 June 2003 No. 196). This document has also been prepared based on the Guidelines of the Italian Data Protection Authority (especially the anti-spam guidelines issued on July 4, 2013).

Data Controller: Christian de Musso

Website to which this privacy policy applies: https://www.sonoraibiza.com

The Data Controller has not appointed a DPO (Data Protection Officer). Therefore, you may send any information request directly to the Data Controller.

⸻

GENERAL INFORMATION

This document describes how the Data Controller processes your personal data provided on the Website.

Below are the main types of personal data processing. The legal basis of the processing is explained, whether providing the data is mandatory, and the consequences of not providing your personal data. To better explain your rights, we have specified whether and when certain processing activities do not take place.

Site Registration

The Website does not offer registration functionality. Therefore, the Data Controller does not process your personal data for this purpose.

Purchases on the Website

Purchases cannot be made through the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send “reminder” emails regarding purchases of products and/or services.

Responding to Your Requests

Your data will be processed to respond to your information requests. Providing data is optional, but failure to do so will prevent the Data Controller from responding to your queries. The legal basis for the processing is the legitimate interest of the Data Controller in responding to user requests, which aligns with the user’s interest in receiving a reply.

General Marketing

The Data Controller will not send you advertising and/or newsletters regarding their or third-party products. We use services such as Google Ads and Google Analytics to personalize advertising and enhance the user experience. This includes collecting personal data and cookies to show ads tailored to your preferences. When giving consent, you will be asked to authorize the use of this data. For more details, please see the cookie policy of this Website.

Profiling

The Data Controller does not conduct profiling based on your personal data. Therefore, you will not receive advertising or newsletters about specific products of interest.

Data Sharing

The Data Controller does not sell your personal data to third parties.

Geolocation

The Website does not use tools to geolocate the user’s IP address.

Curriculum Vitae

It is not possible to send résumés through the Website. Therefore, your data will not be processed for this purpose.

Appointment Booking

The information and data you provide to book an appointment or service will be used to allow the booking with the Data Controller, as outlined on the Website. The legal basis is the necessity to carry out pre-contractual measures upon request. Providing data is optional, but refusal will prevent you from booking an appointment/service on the Website.

Photos and Videos

The Data Controller does not request the publication of photos and/or videos depicting you. Therefore, your data will not be processed for this purpose.

Web Scraping

The use of any automated process or system to access, acquire, copy, or monitor any part of our website — including but not limited to web scraping, crawling, or spidering — is expressly prohibited. The Data Controller reserves the right to take all necessary measures, including legal action, to prevent and address any unauthorized scraping activity. By using the Website, you or any third party agree not to:

(i) use automated systems like bots, scrapers, or spiders to access or interact with the Website;

(ii) collect content, data, or other information without explicit written authorization;

(iii) distribute, display, publish, or otherwise use content acquired through scraping without consent.

Violating this clause is considered a material breach of the Website’s terms of use and may result in access suspension and legal action.

⸻

SPECIFIC PRIVACY NOTICE

Art. 1 – Data Processing Methods

1.1 Your personal data will primarily be processed using electronic or automated tools, in ways that ensure data security and confidentiality.

1.2 The information acquired and the processing methods will be relevant and not excessive concerning the services provided. Your data will also be stored in secure IT environments.

1.3 The Website does not process special categories of personal data (e.g., racial/ethnic origin, religious or political beliefs, health or sexual life).

1.4 The Website does not process judicial data.

⸻

Art. 2 – Communication of Personal Data

The Data Controller may share your data with specific categories of recipients. For example, when using YouTube (managed by Google LLC), some personal data may be collected and shared to allow video playback through the YouTube API. These may include:

• IP Address (used for video connection)

• Behavioral Data (e.g., video views, interaction time)

• Location Info (for geographically relevant content)

Using the site and its embedded YouTube videos means you agree to YouTube’s Terms of Service (https://www.youtube.com/t/terms) and privacy policy (http://www.google.com/policies/privacy).

Further recipients may include:

• Public authorities and legal advisors

• No employees, collaborators, CRM platforms, customer care services, banks, or courier services are used.

This list may be updated; please check regularly for changes.

⸻

Art. 3 – Data Retention

3.1 Data will be kept only as long as needed for the Website’s services.

• Marketing: until consent is withdrawn; inactive users’ data deleted after 1 year.

• Sales contract: 10 years (for legal defense).

• Customer care: up to 3 months after the last email exchange.

• Invoices/accounting: stored for at least 10 years.

3.2 Data may be retained further if required by specific laws.

⸻

Art. 4 – Data Transfers

4.1 The Data Controller is located in a country with adequate legal data protection. Data may be transferred to the USA, following the European Commission’s adequacy decision.

4.2 Data may also be transferred to non-EU countries lacking such adequacy decisions. You should check this article regularly for updates.

4.3 The Data Controller may target its activity to specific countries, potentially requiring compliance with that country’s laws in addition to the ones in this policy.

⸻

Art. 5 – Data Subject Rights

You have the right to:

• Access, rectify, or erase your data

• Restrict or object to processing

• Data portability

• Withdraw consent at any time (without affecting past processing)

• Lodge a complaint with a supervisory authority

You may exercise your rights by contacting the Data Controller using the contact details provided in the Preamble.

⸻

Art. 6 – Amendments and Miscellaneous

The Data Controller may amend this privacy policy at any time and will notify users accordingly. Please check this policy regularly. Substantial changes may also be communicated via email.